exploitDog

CVE-2021-24038

Опубликовано: 19 авг. 2021

Источник: nvd

CVSS3: 7.8

CVSS2: 4.6

EPSS Низкий

Описание

Due to a bug with management of handles in OVRServiceLauncher.exe, an attacker could expose a privileged process handle to an unprivileged process, leading to local privilege escalation. This issue affects Oculus Desktop versions after 1.39 and prior to 31.1.0.67.507.

Ссылки

https://www.facebook.com/security/advisories/cve-2021-24038
Third Party Advisory
https://www.facebook.com/security/advisories/cve-2021-24038
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:oculus:desktop:*:*:*:*:*:*:*:*

Версия от 1.39 (включая) до 31.1.0.67.507 (исключая)

EPSS

Процентиль: 13%

0.00042

Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-269

CWE-269

Связанные уязвимости

GHSA-gr73-xmrv-34fc

github

больше 3 лет назад

Due to a bug with management of handles in OVRServiceLauncher.exe, an attacker could expose a privileged process handle to an unprivileged process, leading to local privilege escalation. This issue affects Oculus Desktop versions after 1.39 and prior to 31.1.0.67.507.

EPSS

Процентиль: 13%

0.00042

Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-269

CWE-269